Exclusive
SQL Server 2005

Designing Security for Microsoft SQL Server 2005
(Microsoft Training Course: 2787) - 2 days - £1200 exc VAT



> Target Audience
This course enables database administrators who work with enterprise environments to design security for database systems using Microsoft SQL Server 2005.
> Course outline
  1. Introduction to Designing SQL Server Security
  2. Designing a SQL Server Systems Infrastructure Security Policy
  3. Designing Security Policies for Instances and Databases
  4. Integrating Data Encryption into a Database Security Design
  5. Designing a Security Exceptions Policy
  6. Designing a Response Strategy for Threats and Attacks


Module 1: Introduction to Designing SQL Server Security
  • Principles of Database Security
  • Methodology for Designing a SQL Server Security Policy
  • Monitoring SQL Server Security
Skills
  • Explain the principles of SQL Server security.
  • Describe the methodology to design a SQL Server security policy.
  • Explain the importance of monitoring SQL Server security.
top
Module 2: Designing a SQL Server Systems Infrastructure Security Policy
  • Integrating with Enterprise Authentication Systems
  • Developing Windows Server-level Security Policies
  • Developing a Secure Communication Policy
  • Defining SQL Server Security Monitoring Standards
  • Lab: Designing a SQL Server Systems Infrastructure Security Policy
  • Lab: Creating an Infrastructure Security Inventory
Skills
  • Integrate SQL Server security with enterprise-level authentication systems.
  • Develop Windows server-level security policies.
  • Develop a secure communication policy.
  • Define security monitoring standards for SQL Server at the enterprise and server level.
top
Module 3: Designing Security Policies for Instances and Databases
  • Designing an Instance-level Security Policy
  • Designing a Database-level Security Policy
  • Designing an Object-level Security Policy
  • Defining Security Monitoring Standards for Instances and Databases
  • Lab: Designing Security Policies for Instances and Databases
  • Lab: Validating Security Policies for Instances and Databases
Skills
  • Design a SQL Server instance-level security policy.
  • Design a database-level security policy.
  • Design an object-level security policy.
  • Define security monitoring standards for instances and databases.
top
Module 4: Integrating Data Encryption into a Database Security Design
  • Securing Data by Using Encryption and Certificates
  • Designing Data Encryption Policies
  • Determining a Key Storage Method
  • Lab: Integrating Data Encryption into a Database Security Design
Skills
  • Secure data by using encryption and certificates.
  • Design data encryption policies.
  • Determine a key storage method.
top
Module 5: Designing a Security Exceptions Policy
  • Analyzing Business and Regulatory Requirements
  • Determining the Exceptions and their Impact
  • Lab: Designing a Security Exceptions Policy
Skills
  • Analyze business and regulatory requirements.
  • Determine the exceptions and their impact on security.
top
Module 6: Designing a Response Strategy for Threats and Attacks
  • Designing a Response Policy for Virus and Worm Attacks
  • Designing a Response Policy for Denial-of-Service Attacks
  • Designing a Response Policy for Internal and SQL Injection Attacks
  • Lab: Designing a Response Strategy for Threats and Attacks
Skills
  • Design a response policy for virus and worm attacks.
  • Design a response policy to handle the denial-of-service attacks.
  • Design a response policy to prevent internal and SQL injection attacks.
top
> Pre-Requisites
Before attending this course, students must have the following pre-requisites:
  • Be familiar with SQL Server 2005 features, tools, and technologies.
  • Knowledge of the operating system and platform.
  • A working knowledge of Active Directory directory service.
  • Have experience creating Microsoft Visio drawings.
  • Knowledge of common attack methods.
  • Have a Microsoft Certified Technology Specialist: Microsoft SQL Server 2005 credential - or equivalent experience.
  • In addition, it is recommended, but not required, that students have completed: Course 2778, Writing Queries Using Microsoft SQL Server 2005 Transact-SQL; Course 2779, Implementing a Microsoft SQL Server 2005 Database; Course 2780, Maintaining a Microsoft SQL Server 2005 Database.
> Purpose
After completing this course, students will be able to explain the principles and methodology of designing SQL Server security; understand guidelines for implementing server-level security using authentication methods; explain how to design SQL Server instance-level, database-level, and object-level security policies; understand the guidelines and considerations for security data using encryption and certificates; respond to virus and worm attacks, denial-of-service attacks, and injection attacks.False